872 matches found

Positive Technologies
added 2023/10/16 12:0 a.m. · 5 views

PT-2023-24740 · Easyuse · Easyuse Mailhunter Ultimate

Name of the Vulnerable Software and Affected Versions: EasyUse MailHunter Ultimate versions 2023 and earlier
Description: The issue allows remote authenticated users to execute arbitrary SQL commands via the ctl00$ContentPlaceHolder1$txtCustSQL parameter in the create customer group function. Thi...

CVSS 8.8 · AI score 8.8 · EPSS 0.00582
Exploits: 0 · References: 5
NVD
added 2023/09/19 11:15 p.m. · 18 views

CVE-2023-40934

A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings...

CVSS 7.2 · AI score 8.1 · EPSS 0.06058
Exploits: 0 · References: 3
Prion
added 2023/09/19 11:15 p.m. · 101 views

SQL injection

A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the updatebannermessage function...

CVSS 6.5 · AI score 9 · EPSS 0.05335
Exploits: 1 · References: 3 · Affected Software: 1
Cvelist
added 2023/09/19 12:0 a.m. · 18 views

CVE-2023-40934

A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings...

AI score 8.3 · EPSS 0.06058
Exploits: 0 · References: 3
CNVD
added 2023/09/12 12:0 a.m. · 19 views

Jeecg-Boot SQL Injection Vulnerability (CNVD-2023-70070)

Jeecg-Boot is a low-code platform based on a code generator. A SQL injection vulnerability exists in Jeecg-Boot v3.5.3 and earlier versions, which stems from a lack of validation of externally entered SQL statements in the component /jeecg-boot/jmreport/show. An attacker can exploit this...

CVSS 9.8 · AI score 8.3 · EPSS 0.00745
Exploits: 1 · References: 1
CNVD
added 2023/09/12 12:0 a.m. · 13 views

Simple Membership System SQL Injection Vulnerability

Simple Membership System is a simple membership system. A SQL injection vulnerability exists in Simple Membership System v1.0, which stems from the lack of validation of the clubid parameter of the file clubeditquery.php against an externally entered SQL statement. An attacker can exploit this...

CVSS 5 · AI score 8.3 · EPSS 0.00498
Exploits: 1 · Affected Software: 1
NVD
added 2023/09/02 1:15 p.m. · 9 views

CVE-2023-39980

A vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1.0.1. This vulnerability arises when special elements are not neutralized correctly, allowing remote attackers to alter SQL commands...

CVSS 8.1 · AI score 7.3 · EPSS 0.00516
Exploits: 0 · References: 1
Prion
added 2023/09/02 1:15 p.m. · 11 views

SQL injection

A vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1.0.1. This vulnerability arises when special elements are not neutralized correctly, allowing remote attackers to alter SQL commands...

CVSS 5.5 · AI score 7.8 · EPSS 0.00516
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2023/09/02 12:14 p.m. · 10 views

CVE-2023-39980 MXsecurity Authenticated Information Disclosure Due to SQL Injection

A vulnerability that allows the unauthorized disclosure of authenticated information has been identified in MXsecurity versions prior to v1.0.1. This vulnerability arises when special elements are not neutralized correctly, allowing remote attackers to alter SQL commands...

CVSS 7.1 · AI score 8.2 · EPSS 0.00516
Exploits: 0 · References: 1
CNVD
added 2023/08/29 12:0 a.m. · 23 views

IBM Security Guardium SQL Injection Vulnerability (CNVD-2023-66731)

IBM Security Guardium is a suite of platforms from International Business Machines (IBM) that provide data protection capabilities. The platform includes features such as custom UI, report management and streamlined audit process building. IBM Security Guardium version 11.4 suffers from a SQL...

CVSS 7.6 · AI score 8.1 · EPSS 0.00429
Exploits: 0 · References: 1
CNVD
added 2023/08/19 12:0 a.m. · 10 views

Online Travel Agency System article_edit.php File SQL Injection Vulnerability

Online Travel Agency System is an online travel agency system. A SQL injection vulnerability exists in Online Travel Agency System v1.0, which originates from a lack of validation of the article_edit.php parameter pageid against an externally entered SQL statement. An attacker can exploit this...

CVSS 7.2 · AI score 8.3 · EPSS 0.0107
Exploits: 1 · References: 1
CNVD
added 2023/08/12 12:0 a.m. · 25 views

ScienceLogic SL1 SQL Injection Vulnerability (CNVD-2023-66418)

ScienceLogic SL1 is an application from ScienceLogic, Inc. Connect your real estate together to automate multidirectional data flow and workflow. A SQL injection vulnerability exists in ScienceLogic SL1 11.1.2 and earlier versions, which stems from a lack of validation of externally entered SQL...

CVSS 8.8 · AI score 8.2 · EPSS 0.00608
Exploits: 0 · References: 1
CNVD
added 2023/08/12 12:0 a.m. · 10 views

ScienceLogic SL1 SQL Injection Vulnerability (CNVD-2023-66414)

ScienceLogic SL1 is an application from ScienceLogic, Inc. Connect your real estate together to automate multidirectional data flow and workflow. A SQL injection vulnerability exists in ScienceLogic SL1 11.1.2 and earlier versions, which stems from a lack of validation of externally entered SQL...

CVSS 8.8 · AI score 8.2 · EPSS 0.00608
Exploits: 0 · References: 1
Prion
added 2023/08/09 8:15 p.m. · 20 views

SQL injection

Code-Projects Gym Management System V1.0 allows remote attackers to execute arbitrary SQL commands via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username and password field...

CVSS 7.5 · AI score 10 · EPSS 0.00875
Exploits: 1 · References: 1 · Affected Software: 1
CNVD
added 2023/08/03 12:0 a.m. · 14 views

Simple Online Mens Salon Management System SQL Injection Vulnerability (CNVD-2023-65139)

Simple Online Mens Salon Management System is an open source men's salon management system. Simple Online Mens Salon Management System v1.0 contains a SQL injection vulnerability, which stems from the id parameter of the file /admin/?page=user/manageuser &id=3 lacking validation of...

CVSS 9.8 · AI score 8.2 · EPSS 0.00684
Exploits: 1 · References: 1
Prion
added 2023/07/25 8:15 p.m. · 20 views

Path traversal

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal via the "restore SQL data" filename. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file...

CVSS 7.5 · AI score 9.4 · EPSS 0.00683
Exploits: 0 · References: 2 · Affected Software: 2
Vulnrichment
added 2023/07/25 12:0 a.m. · 15 views

CVE-2022-46898

An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal via the "restore SQL data" filename. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file...

AI score 7.3 · EPSS 0.00683
Exploits: 0 · References: 2
Redos
added 2023/06/27 12:0 a.m. · 54 views

ROS-20230627-01

The vulnerability in the Moodle virtual learning environment is related to insufficient cleansing of data submitted by users in the external Wiki method for listing pages. A user can send a specially crafted query to the affected application and execute limited SQL commands on the application's...

CVSS 9.8 · AI score 9.3 · EPSS 0.44918
Exploits: 4
CNVD
added 2023/05/13 12:0 a.m. · 28 views

Lost and Found Information System index.php File SQL Injection Vulnerability

Lost and Found Information System is a lost and found information system. A SQL injection vulnerability exists in Lost and Found Information System v1.0, which originates from the parameter cid in the file items/index.php that lacks validation of externally entered SQL statements. An attacker can...

CVSS 9.8 · AI score 8.1 · EPSS 0.00726
Exploits: 1 · References: 1
Tenable Nessus
added 2023/05/11 12:0 a.m. · 27 views

Fedora 36 : moodle (2023-49eb814ccc)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-49eb814ccc advisory. Fixes for CVE-2023-30943 and CVE-2023-30944. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

CVSS 7.3 · AI score 6.2 · EPSS 0.06583
Exploits: 3 · References: 3